<!DOCTYPE html>
<html>
<head>
<script src="../../../resources/js-test.js"></script>
<script src="../resources/common.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>

<script>
description("Tests deriveKey() using ECDH to make AES keys");

jsTestIsAsync = true;

// The test data uses a public key and private key (from different key pairs) for the P-521 curve.
var privateKeyJwk = {
     "kty":"EC",
     "crv":"P-521",
     "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyid-6F48d7iI1zF6VRk7",
     "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
     "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
 };

var publicKeyJwk = {
   "kty":"EC",
   "crv":"P-521",
   "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
   "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
};

// This is the full 528 bits of key data derived by ECDH using the above keys
// (only part of it will be used for these tests). In practice it wouldn't be a
// good idea to make a key directly from ECDH
// output without first going through a KDF, but this is just testing the API.
var fullDerivedBytesHex = "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3425"

function importEcKeys() {
    var keys = {};

    debug("Importing the private key...\n");

    return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, ["deriveKey"]).then(function(result) {
        keys.private = result;

        debug("Importing the public key...\n");
        return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, []);
    }).then(function(result) {
        keys.public = result;
        return keys;
    });
}

var ecKeys = null;

importEcKeys().then(function(result) {
    ecKeys = result;

    // Derive an AES-CBC 128 bit key having the 'encrypt' usage.
    debug("Deriving an AES 128 bit key...\n");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 128};
    var extractable = true;
    var usages = ['encrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(function(result) {
    key = result;

    // Verify the key's properties.
    shouldEvaluateAs("key.type", "secret");
    shouldEvaluateAs("key.extractable", true);
    shouldEvaluateAs("key.algorithm.name", "AES-CBC");
    shouldEvaluateAs("key.algorithm.length", 128);
    shouldEvaluateAs("key.usages.join(',')", "encrypt");

    // Export the key and check its bytes.
    return crypto.subtle.exportKey("raw", key);
}).then(function(result) {
    bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 32), result);

    // Derive an AES-CBC 256 bit key having the 'encrypt, decrypt' usage.
    debug("Deriving an AES 256 bit key...\n");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 256};
    var extractable = true;
    var usages = ['encrypt', 'decrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(function(result) {
    key = result;

    // Verify the key's properties.
    shouldEvaluateAs("key.type", "secret");
    shouldEvaluateAs("key.extractable", true);
    shouldEvaluateAs("key.algorithm.name", "AES-CBC");
    shouldEvaluateAs("key.algorithm.length", 256);
    shouldEvaluateAs("key.usages.join(',')", "encrypt,decrypt");

    // Export the key and check its bytes.
    return crypto.subtle.exportKey("raw", key);
}).then(function(result) {
    bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 64), result);

    // Derive an AES-CBC 256 bit key having the 'decrypt' usage and non-extractable
    debug("Deriving an AES 256 bit key...\n");
    var algorithm = {name: 'ecdh', public: ecKeys.public};
    var derivedAlgorithm = {name: 'aes-cbc', length: 256};
    var extractable = false;
    var usages = ['decrypt'];

    return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
}).then(function(result) {
    key = result;

    // Verify the key's properties.
    shouldEvaluateAs("key.type", "secret");
    shouldEvaluateAs("key.extractable", false);
    shouldEvaluateAs("key.algorithm.name", "AES-CBC");
    shouldEvaluateAs("key.algorithm.length", 256);
    shouldEvaluateAs("key.usages.join(',')", "decrypt");
}).then(finishJSTest, failAndFinishJSTest);

</script>

</body>
</html>
